def test_owned_dataset_company_users_with_admin_should_edit(self):
        org = factories.Organization()
        fred = factories.User(name='fred')
        bob = factories.User(name='bob')
        alice = factories.User(name='alice')

        member_fred = {'username': fred['name'],
                  'role': 'admin',
                  'id': org['id']}
        helpers.call_action('organization_member_create', **member_fred)

        member_bob = {'username': bob['name'],
                  'role': 'admin',
                  'id': org['id']}
        helpers.call_action('organization_member_create', **member_bob)

        dataset = factories.Dataset(user=fred, owner_org=org['name'], managing_users="bob")
        context = {'model': model, 'user': '******'}
        params = {
             'id': dataset['id'],
         }
        result = helpers.call_auth('package_update', context=context, **params)
        assert result == True
        context = {'model': model, 'user': '******'}
        result = helpers.call_auth('package_update', context=context, **params)
        assert result == True
        #Alice is not in the organization
        context = {'model': model, 'user': '******'}
        nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth, 'package_update', context=context, **params)
Beispiel #2
0
 def test_group_admin_delete_correct_creds(self):
     '''
     Calling group admin delete by a sysadmin doesn't raise NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('group_admin_delete', context=context)
Beispiel #3
0
 def test_project_admin_list_correct_creds(self):
     '''
     Calling project admin list by a sysadmin doesn't raise
     NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_project_admin_list', context=context)
Beispiel #4
0
 def test_showcase_admin_remove_correct_creds(self):
     '''
     Calling showcase admin remove by a sysadmin doesn't raise
     NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_showcase_admin_remove', context=context)
Beispiel #5
0
 def test_config_option_public_activity_stream_detail(self):
     '''Config option says an anon user is authorized to get activity
     stream data/detail.
     '''
     dataset = factories.Dataset()
     context = {'user': None, 'model': model}
     helpers.call_auth('package_activity_list',
                       context=context,
                       id=dataset['id'], include_data=True)
Beispiel #6
0
 def test_project_package_association_delete_sysadmin(self):
     '''
     Calling project package association create by a sysadmin doesn't
     raise NotAuthorized.
     '''
     a_sysadmin = factories.Sysadmin()
     context = {'user': a_sysadmin['name'], 'model': None}
     helpers.call_auth('ckanext_project_package_association_delete',
                       context=context)
Beispiel #7
0
    def test_showcase_package_association_create_showcase_admin(self):
        '''
        Calling showcase package association create by a showcase admin
        doesn't raise NotAuthorized.
        '''
        showcase_admin = factories.User()

        # Make user a showcase admin
        helpers.call_action('ckanext_showcase_admin_add', context={},
                            username=showcase_admin['name'])

        context = {'user': showcase_admin['name'], 'model': None}
        helpers.call_auth('ckanext_showcase_package_association_create',
                          context=context)
Beispiel #8
0
    def test_project_package_association_delete_project_admin(self):
        '''
        Calling project package association create by a project admin
        doesn't raise NotAuthorized.
        '''
        project_admin = factories.User()

        # Make user a project admin
        helpers.call_action('ckanext_project_admin_add', context={},
                            username=project_admin['name'])

        context = {'user': project_admin['name'], 'model': None}
        helpers.call_auth('ckanext_project_package_association_delete',
                          context=context)
Beispiel #9
0
    def test_sysadmin_user_can_clear(self):
        user = factories.User(sysadmin=True)

        context = {'user': user['name'], 'model': model}
        response = helpers.call_auth('resource_view_clear', context=context)

        assert_equals(response, True)
Beispiel #10
0
    def test_user_update_user_can_update_herself(self):
        '''Users should be authorized to update their own accounts.'''

        # Make a mock ckan.model.User object, Fred.
        fred = factories.MockUser(name='fred')

        # Make a mock ckan.model object.
        mock_model = mock.MagicMock()
        # model.User.get(user_id) should return our mock user.
        mock_model.User.get.return_value = fred

        # Put the mock model in the context.
        # This is easier than patching import ckan.model.
        context = {'model': mock_model}

        # The 'user' in the context has to match fred.name, so that the
        # auth function thinks that the user being updated is the same user as
        # the user who is logged-in.
        context['user'] = fred.name

        # Make Fred try to update his own user name.
        params = {
            'id': fred.id,
            'name': 'updated_user_name',
        }

        result = helpers.call_auth('user_update', context=context, **params)
        assert result is True
Beispiel #11
0
    def test_group_show__user_is_avail_to_public(self):
        group = factories.Group()
        context = {'model': model}
        context['user'] = ''

        assert helpers.call_auth('group_show', context=context,
                                 id=group['name'])
Beispiel #12
0
    def test_group_show__deleted_group_is_visible_to_its_member(self):

        fred = factories.User(name="fred")
        org = factories.Group(users=[fred])
        context = {"model": model}
        context["user"] = "******"

        ret = helpers.call_auth("group_show", context=context, id=org["name"])
        assert ret
Beispiel #13
0
    def test_group_show__deleted_org_is_visible_to_its_member(self):

        fred = factories.User(name="fred")
        fred["capacity"] = "editor"
        org = factories.Organization(users=[fred])
        context = {"model": model}
        context["user"] = "******"

        ret = helpers.call_auth("group_show", context=context, id=org["name"])
        assert ret
Beispiel #14
0
 def assert_authorization_passes(self, auth_function_name, user_roles,
                                 project_id, project_id_parameter,
                                 **kwargs):
     kwargs[project_id_parameter] = project_id
     for user_role in user_roles:
         assert_true(helpers.call_auth(
             auth_function_name,
             context=self.get_user_context(user_role),
             **kwargs)
         )
Beispiel #15
0
    def test_group_show__deleted_group_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        org = factories.Group(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context,
                                id=org['name'])
        assert ret
Beispiel #16
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('package_create_default_resource_views',
                                     context=context, package=dataset)
        assert_equals(response, True)
Beispiel #17
0
    def test_group_show__deleted_org_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred], state='deleted')
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context,
                                id=org['name'])
        assert ret
Beispiel #18
0
    def test_datastore_search_sql_perms(self):

        context = self._get_context(self.normal_user)
        context['table_names'] = [self.resource['id']]
        with pytest.raises(toolkit.NotAuthorized):
            core_helpers.call_auth(
                'datastore_search_sql',
                context=context,
                resource_id=self.resource['id'],
            )

        context = self._get_context(self.org_user)
        context['table_names'] = [self.resource['id']]
        assert core_helpers.call_auth('datastore_search_sql', context=context,
            resource_id=self.resource['id'])

        context = self._get_context(self.sysadmin)
        context['table_names'] = [self.resource['id']]
        assert core_helpers.call_auth('datastore_search_sql', context=context,
            resource_id=self.resource['id'])
Beispiel #19
0
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name="fred")
        fred["capacity"] = "editor"
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org["id"], state="deleted")
        context = {"model": model}
        context["user"] = "******"

        ret = helpers.call_auth("package_show", context=context, id=dataset["name"])
        assert ret
Beispiel #20
0
    def test_group_show__deleted_org_is_visible_to_its_member(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('group_show', context=context,
                                id=org['name'])
        assert ret
Beispiel #21
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('package_create_default_resource_views',
                                     context=context,
                                     package=dataset)
        assert_equals(response, True)
    def test_run_sysadmin(self, app):

        resource = factories.Resource()
        sysadmin = factories.Sysadmin()

        context = {'user': sysadmin['name'], 'model': model}

        assert_equals(
            call_auth('resource_validation_run',
                      context=context,
                      resource_id=resource['id']), True)
Beispiel #23
0
    def test_sysadmin_is_authorized(self):

        sysadmin = factories.Sysadmin()

        resource = {'title': 'Resource', 'url': 'http://test', 'format': 'csv'}

        context = {'user': sysadmin['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context,
                                     **resource)
        assert_equals(response, True)
Beispiel #24
0
    def test_delete_collaborator_admin_is_authorized(self):

        user = factories.User()

        helpers.call_action(
            'package_collaborator_create',
            id=self.dataset['id'], user_id=user['id'], capacity='admin')

        context = self._get_context(user)
        assert helpers.call_auth(
            'package_collaborator_delete', context=context, id=self.dataset['id'])
Beispiel #25
0
    def test_dataset_show_private_member(self):

        org = factories.Organization()
        dataset = factories.Dataset(private=True, owner_org=org['id'])
        user = factories.User()

        context = self._get_context(user)
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth('package_show',
                              context=context,
                              id=dataset['id'])

        helpers.call_action('package_collaborator_create',
                            id=dataset['id'],
                            user_id=user['id'],
                            capacity='member')

        assert helpers.call_auth('package_show',
                                 context=context,
                                 id=dataset['id'])
Beispiel #26
0
    def test_sysadmin_is_authorized(self):

        sysadmin = factories.Sysadmin()

        resource = {"title": "Resource", "url": "http://test", "format": "csv"}

        context = {"user": sysadmin["name"], "model": core_model}
        response = helpers.call_auth("resource_create",
                                     context=context,
                                     **resource)
        assert response
Beispiel #27
0
    def test_not_authorized_if_user_has_no_permissions_on_dataset_3(self):

        org = factories.Organization()

        user = factories.User()

        member = {"username": user["name"], "role": "admin", "id": org["id"]}
        helpers.call_action("organization_member_create", **member)

        user_2 = factories.User()

        dataset = factories.Dataset(owner_org=org["id"])

        context = {"user": user_2["name"], "model": core_model}
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth(
                "package_create_default_resource_views",
                context=context,
                package=dataset,
            )
Beispiel #28
0
    def test_resource_create_public_admin_and_editor(self, role):

        org = factories.Organization()
        dataset = factories.Dataset(owner_org=org['id'])
        user = factories.User()

        context = self._get_context(user)
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth('resource_create',
                              context=context,
                              package_id=dataset['id'])

        helpers.call_action('package_collaborator_create',
                            id=dataset['id'],
                            user_id=user['id'],
                            capacity=role)

        assert helpers.call_auth('resource_create',
                                 context=context,
                                 package_id=dataset['id'])
Beispiel #29
0
    def test_create_unowned_datasets(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        assert dataset['owner_org'] is None
        assert dataset['creator_user_id'] == user['id']

        context = self._get_context(user)
        assert helpers.call_auth(
            'package_collaborator_create', context=context, id=dataset['id'])
Beispiel #30
0
    def test_user_generate_own_apikey(self):
        fred = factories.MockUser(name="fred")
        mock_model = mock.MagicMock()
        mock_model.User.get.return_value = fred
        # auth_user_obj shows user as logged in for non-anonymous auth
        # functions
        context = {"model": mock_model, "auth_user_obj": fred}
        context["user"] = fred.name
        params = {"id": fred.id}

        result = helpers.call_auth("user_generate_apikey", context=context, **params)
        assert result is True
Beispiel #31
0
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org['id'], state='deleted')
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('package_show', context=context,
                                id=dataset['name'])
        assert ret
Beispiel #32
0
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name='fred')
        fred['capacity'] = 'editor'
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org['id'], state='deleted')
        context = {'model': model}
        context['user'] = '******'

        ret = helpers.call_auth('package_show', context=context,
                                id=dataset['name'])
        assert ret
Beispiel #33
0
    def test_resource_view_list_private_editor(self):

        org = factories.Organization()
        dataset = factories.Dataset(private=True, owner_org=org['id'])
        resource = factories.Resource(package_id=dataset['id'])
        user = factories.User()

        context = self._get_context(user)
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth('resource_view_list',
                              context=context,
                              id=resource['id'])

        helpers.call_action('package_collaborator_create',
                            id=dataset['id'],
                            user_id=user['id'],
                            capacity='editor')

        assert helpers.call_auth('resource_view_list',
                                 context=context,
                                 id=resource['id'])
Beispiel #34
0
    def test_sysadmin_is_authorized(self):

        sysadmin = factories.Sysadmin()

        resource = {'title': 'Resource',
                    'url': 'http://test',
                    'format': 'csv'}

        context = {'user': sysadmin['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context, **resource)
        assert_equals(response, True)
Beispiel #35
0
def test_user_update_with_no_user_in_context():

    # Make a mock ckan.model.User object.
    mock_user = factories.MockUser(name="fred")

    # Make a mock ckan.model object.
    mock_model = mock.MagicMock()
    # model.User.get(user_id) should return our mock user.
    mock_model.User.get.return_value = mock_user

    # Put the mock model in the context.
    # This is easier than patching import ckan.model.
    context = {"model": mock_model}

    # For this test we're going to have no 'user' in the context.
    context["user"] = None

    params = {"id": mock_user.id, "name": "updated_user_name"}

    with pytest.raises(logic.NotAuthorized):
        helpers.call_auth("user_update", context=context, **params)
Beispiel #36
0
    def test_datastore_info_private_member(self):

        org = factories.Organization()
        dataset = factories.Dataset(private=True, owner_org=org[u'id'])
        resource = factories.Resource(package_id=dataset[u'id'])
        user = factories.User()

        context = self._get_context(user)
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth(u'datastore_info',
                              context=context,
                              resource_id=resource[u'id'])

        helpers.call_action(u'package_collaborator_create',
                            id=dataset[u'id'],
                            user_id=user[u'id'],
                            capacity=u'member')

        assert helpers.call_auth(u'datastore_info',
                                 context=context,
                                 resource_id=resource[u'id'])
Beispiel #37
0
    def test_resource_delete_public_member(self):

        org = factories.Organization()
        dataset = factories.Dataset(owner_org=org['id'])
        resource = factories.Resource(package_id=dataset['id'])
        user = factories.User()

        context = self._get_context(user)
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth('resource_delete',
                              context=context,
                              id=resource['id'])

        helpers.call_action('package_collaborator_create',
                            id=dataset['id'],
                            user_id=user['id'],
                            capacity='member')

        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth('resource_delete',
                              context=context,
                              id=resource['id'])
    def test_only_org_member_can_view_revision(self):
        user = factories.User()
        simple_user = factories.User()
        org = factories.Organization(users=[{
            'name': user['name'],
            'capacity': 'editor'
        }])
        self.user = user
        self.simple_user = simple_user
        self.org = org

        pkg = factories.Dataset(owner_org=org['id'])
        th.call_action('move_to_next_stage', id=pkg['id'])
        data = th.call_action('move_to_next_stage', id=pkg['id'])
        pkg.update(data)
        revision = th.call_action('create_dataset_revision',
                                  {'user': user['name']},
                                  id=pkg['id'])

        th.call_auth('read_dataset_revision', {
            'model': model,
            'user': user['name']
        }, **revision)
        nt.assert_raises(tk.NotAuthorized, th.call_auth,
                         'read_dataset_revision', {
                             'model': model,
                             'user': simple_user['name']
                         }, **revision)
        th.call_action('move_to_next_stage', id=revision['id'])

        th.call_auth('read_dataset_revision', {
            'model': model,
            'user': user['name']
        }, **revision)
        nt.assert_raises(tk.NotAuthorized, th.call_auth,
                         'read_dataset_revision', {
                             'model': model,
                             'user': simple_user['name']
                         }, **revision)
Beispiel #39
0
def test_ipermissionlabels_user_group_see_privates_inverted(
        create_with_upload):
    """User is not allowed to see another user's private datasets"""
    user_a = factories.User()
    user_b = factories.User()
    owner_org = factories.Organization(users=[{
        'name': user_a['id'],
        'capacity': 'admin'
    }])
    owner_group = factories.Group(users=[
        {
            'name': user_a['id'],
            'capacity': 'admin'
        },
    ])
    context_a = {
        'ignore_auth': False,
        'user': user_a['name'],
        'model': model,
        'api_version': 3
    }
    context_b = {
        'ignore_auth': False,
        'user': user_b['name'],
        'model': model,
        'api_version': 3
    }

    dataset, _ = make_dataset(context_a,
                              owner_org,
                              create_with_upload=create_with_upload,
                              activate=True,
                              groups=[{
                                  "id": owner_group["id"]
                              }],
                              private=True)

    with pytest.raises(logic.NotAuthorized):
        helpers.call_auth("package_show", context_b, id=dataset["id"])
 def test_unowned_only_creator_can_edit(self):
     fred = factories.User(name='fred')
     bob = factories.User(name='bob')
     dataset = factories.Dataset(user=fred)
     context = {'model': model, 'user': '******'}
     params = {
          'id': dataset['id'],
      }
     result = helpers.call_auth('package_update', context=context, **params)
     assert result == True
     #Bob should not be able to edit package
     context = {'model': model, 'user': '******'}
     nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth, 'package_update', context=context, **params)
 def test_unowned_only_managing_users_can_edit(self):
     fred = factories.User(name='fred')
     bob = factories.User(name='bob')
     alice = factories.User(name='alice')
     lisa = factories.User(name='lisa')
     dataset = factories.Dataset(user=fred, managing_users='bob,alice')
     context = {'model': model, 'user': '******'}
     params = {
          'id': dataset['id'],
      }
     result = helpers.call_auth('package_update', context=context, **params)
     assert result == True
     #Bob and alice should be also able to edit
     context = {'model': model, 'user': '******'}
     result = helpers.call_auth('package_update', context=context, **params)
     assert result == True
     context = {'model': model, 'user': '******'}
     result = helpers.call_auth('package_update', context=context, **params)
     assert result == True
     #Lisa shuldn't be able
     context = {'model': model, 'user': '******'}
     nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth, 'package_update', context=context, **params)
Beispiel #42
0
    def test_proposed_dataset_invisible_to_another_editor(self):
        user = factories.User()
        user2 = factories.User()
        org = factories.Organization(
            user=user2, users=[{u"name": user["id"], u"capacity": u"editor"}]
        )
        factories.Dataset(
            name=u"d1", notes=u"Proposed:", user=user2, owner_org=org["id"]
        )

        results = get_action(u"package_search")(
            {u"user": user["name"]}, {u"include_private": True}
        )["results"]
        names = [r["name"] for r in results]
        assert names == []

        with pytest.raises(NotAuthorized):
            call_auth(
                u"package_show",
                {u"user": user["name"], u"model": model},
                id=u"d1",
            )
    def test_proposed_dataset_visible_to_creator(self):
        user = factories.User()
        dataset = factories.Dataset(
            name=u'd1', notes=u'Proposed:', user=user)

        results = get_action(u'package_search')(
            {u'user': user['name']}, {u'include_private': True})['results']
        names = [r['name'] for r in results]
        assert_equal(names, [u'd1'])

        ret = call_auth(u'package_show',
                        {u'user': user['name'], u'model': model}, id=u'd1')
        assert ret
    def test_package_show__deleted_dataset_is_visible_to_editor(self):

        fred = factories.User(name="fred")
        fred["capacity"] = "editor"
        org = factories.Organization(users=[fred])
        dataset = factories.Dataset(owner_org=org["id"], state="deleted")
        context = {"model": model}
        context["user"] = "******"

        ret = helpers.call_auth("package_show",
                                context=context,
                                id=dataset["name"])
        assert ret
Beispiel #45
0
    def test_owned_dataset_company_users_with_admin_should_edit(self):
        org = factories.Organization()
        fred = factories.User(name='fred')
        bob = factories.User(name='bob')
        alice = factories.User(name='alice')

        member_fred = {
            'username': fred['name'],
            'role': 'admin',
            'id': org['id']
        }
        helpers.call_action('organization_member_create', **member_fred)

        member_bob = {
            'username': bob['name'],
            'role': 'admin',
            'id': org['id']
        }
        helpers.call_action('organization_member_create', **member_bob)

        dataset = factories.Dataset(user=fred,
                                    owner_org=org['name'],
                                    managing_users="bob")
        context = {'model': model, 'user': '******'}
        params = {
            'id': dataset['id'],
        }
        result = helpers.call_auth('package_update', context=context, **params)
        assert result == True
        context = {'model': model, 'user': '******'}
        result = helpers.call_auth('package_update', context=context, **params)
        assert result == True
        #Alice is not in the organization
        context = {'model': model, 'user': '******'}
        nose.tools.assert_raises(logic.NotAuthorized,
                                 helpers.call_auth,
                                 'package_update',
                                 context=context,
                                 **params)
Beispiel #46
0
    def test_authorized_if_user_has_permissions_on_dataset_2(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        context = {"user": user["name"], "model": core_model}
        response = helpers.call_auth(
            "package_create_default_resource_views",
            context=context,
            package=dataset,
        )
        assert response
def test_org_admin_bulk_update_delete_forbidden(create_with_upload):
    """do not allow bulk_update_delete"""
    user = factories.User()
    owner_org = factories.Organization(users=[{
        'name': user['id'],
        'capacity': 'admin'
    }])
    # create a datasets
    create_context1 = {
        'ignore_auth': False,
        'user': user['name'],
        'api_version': 3
    }
    ds1, _ = make_dataset(create_context1,
                          owner_org,
                          create_with_upload=create_with_upload,
                          activate=True)
    create_context2 = {
        'ignore_auth': False,
        'user': user['name'],
        'api_version': 3
    }
    ds2, _ = make_dataset(create_context2,
                          owner_org,
                          create_with_upload=create_with_upload,
                          activate=True)
    # assert: bulk_update_delete is should be forbidden
    test_context = {
        'ignore_auth': False,
        'user': user['name'],
        'model': model,
        'api_version': 3
    }
    with pytest.raises(logic.NotAuthorized):
        helpers.call_auth("bulk_update_delete",
                          test_context,
                          datasets=[ds1, ds2],
                          org_id=owner_org["id"])
Beispiel #48
0
    def test_proposed_dataset_visible_to_creator(self):
        user = factories.User()
        factories.Dataset(name=u"d1", notes=u"Proposed:", user=user)

        results = get_action(u"package_search")(
            {u"user": user["name"]}, {u"include_private": True}
        )["results"]
        names = [r["name"] for r in results]
        assert names == [u"d1"]

        ret = call_auth(
            u"package_show", {u"user": user["name"], u"model": model}, id=u"d1"
        )
        assert ret
Beispiel #49
0
    def test_not_authorized_if_user_has_no_permissions_on_dataset_4(self):

        org = factories.Organization()

        user = factories.User()

        member = {"username": user["name"], "role": "admin", "id": org["id"]}
        helpers.call_action("organization_member_create", **member)

        user_2 = factories.User()

        dataset = factories.Dataset(user=user, owner_org=org["id"])

        resource = {
            "package_id": dataset["id"],
            "title": "Resource",
            "url": "http://test",
            "format": "csv",
        }

        context = {"user": user_2["name"], "model": core_model}
        with pytest.raises(logic.NotAuthorized):
            helpers.call_auth("resource_create", context=context, **resource)
def test_user_generate_own_apikey():
    fred = factories.MockUser(name="fred")
    mock_model = mock.MagicMock()
    mock_model.User.get.return_value = fred
    # auth_user_obj shows user as logged in for non-anonymous auth
    # functions
    context = {"model": mock_model, "auth_user_obj": fred}
    context["user"] = fred.name
    params = {"id": fred.id}

    result = helpers.call_auth("user_generate_apikey",
                               context=context,
                               **params)
    assert result is True
    def test_show_anon_public_dataset(self, app):

        user = factories.User()
        org = factories.Organization()
        dataset = factories.Dataset(owner_org=org['id'],
                                    resources=[factories.Resource()],
                                    private=False)

        context = {'user': user['name'], 'model': model}

        assert_equals(
            call_auth('resource_validation_show',
                      context=context,
                      resource_id=dataset['resources'][0]['id']), True)
Beispiel #52
0
def test_user_update_visitor_cannot_update_user():
    """Visitors should not be able to update users' accounts."""

    # Make a mock ckan.model.User object, Fred.
    fred = factories.MockUser(name="fred")

    # Make a mock ckan.model object.
    mock_model = mock.MagicMock()
    # model.User.get(user_id) should return Fred.
    mock_model.User.get.return_value = fred

    # Put the mock model in the context.
    # This is easier than patching import ckan.model.
    context = {"model": mock_model}

    # No user is going to be logged-in.
    context["user"] = "******"

    # Make the visitor try to update Fred's user account.
    params = {"id": fred.id, "name": "updated_user_name"}

    with pytest.raises(logic.NotAuthorized):
        helpers.call_auth("user_update", context=context, **params)
Beispiel #53
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = {'package_id': dataset['id'],
                    'title': 'Resource',
                    'url': 'http://test',
                    'format': 'csv'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_create',
                                     context=context, **resource)
        assert_equals(response, True)
Beispiel #54
0
    def test_authorized_if_user_has_permissions_on_dataset_3(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = factories.Resource(user=user, package_id=dataset["id"])

        context = {"user": user["name"], "model": model}
        response = helpers.call_auth(
            "resource_create_default_resource_views",
            context=context,
            resource=resource,
        )
        assert response
Beispiel #55
0
    def test_user_generate_own_apikey(self):
        fred = factories.MockUser(name='fred')
        mock_model = mock.MagicMock()
        mock_model.User.get.return_value = fred
        # auth_user_obj shows user as logged in for non-anonymous auth
        # functions
        context = {'model': mock_model, 'auth_user_obj': fred}
        context['user'] = fred.name
        params = {
            'id': fred.id,
        }

        result = helpers.call_auth('user_generate_apikey', context=context,
                                   **params)
        assert result is True
Beispiel #56
0
    def test_user_invite_delegates_correctly_to_group_member_create(self, gmc):
        user = factories.User()
        context = {
            'user': user['name'],
            'model': None,
            'auth_user_obj': user
        }
        data_dict = {'group_id': 42}

        gmc.return_value = {'success': False}
        nose.tools.assert_raises(logic.NotAuthorized, helpers.call_auth,
                                 'user_invite', context=context, **data_dict)

        gmc.return_value = {'success': True}
        result = helpers.call_auth('user_invite', context=context, **data_dict)
        assert result is True
    def test_proposed_dataset_visible_to_org_admin(self):
        user = factories.User()
        user2 = factories.User()
        org = factories.Organization(
            user=user2,
            users=[{u'name': user['id'], u'capacity': u'editor'}])
        dataset = factories.Dataset(
            name=u'd1', notes=u'Proposed:', user=user, owner_org=org['id'])

        results = get_action(u'package_search')(
            {u'user': user2[u'name']}, {u'include_private': True})['results']
        names = [r['name'] for r in results]
        assert_equal(names, [u'd1'])

        ret = call_auth(u'package_show',
                        {u'user': user2['name'], u'model': model}, id=u'd1')
        assert ret
Beispiel #58
0
    def test_authorized_if_user_has_permissions_on_dataset(self):

        user = factories.User()

        dataset = factories.Dataset(user=user)

        resource = factories.Resource(user=user, package_id=dataset['id'])

        resource_view = {'resource_id': resource['id'],
                         'title': u'Resource View',
                         'view_type': u'image_view',
                         'image_url': 'url'}

        context = {'user': user['name'], 'model': core_model}
        response = helpers.call_auth('resource_view_create',
                                     context=context, **resource_view)
        assert_equals(response, True)
Beispiel #59
0
    def test_org_user_can_delete(self):
        user = factories.User()
        org_users = [{'name': user['name'], 'capacity': 'editor'}]
        org = factories.Organization(users=org_users)
        dataset = factories.Dataset(owner_org=org['id'],
                                    resources=[factories.Resource()],
                                    user=user)

        resource_view = factories.ResourceView(
            resource_id=dataset['resources'][0]['id']
        )

        context = {'user': user['name'], 'model': model}

        response = helpers.call_auth('resource_view_delete', context=context,
                                     id=resource_view['id'])

        assert_equals(response, True)